package com.ui.basic.controller.stduser;

import java.util.Date;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.jsecurity.SecurityUtils;
import org.jsecurity.session.Session;
import org.jsecurity.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

import com.common.basic.base.BaseController;
import com.common.basic.util.Globals;
import com.ui.basic.command.CommandChangePswd;
import com.ui.basic.ibatis.model.system.TblSUser;
import com.ui.basic.service.stduser.ChangePasswordService;

@Controller
public class ChangePasswordController extends BaseController {
	private static final transient org.apache.commons.logging.Log LOGGER = org.apache.commons.logging.LogFactory.getLog(ChangePasswordController.class);
	
	@Autowired
	private ChangePasswordService changePasswordService;

	public void setChangePasswordService(ChangePasswordService changePasswordService) {
		this.changePasswordService = changePasswordService;
	}
	
	@RequestMapping(value = "/changePasd.form", method = RequestMethod.POST)
	public ModelAndView showForm(
			HttpServletRequest request,
			HttpServletResponse response) {
		LOGGER.debug("***ChangePasswordController.showForm()");

		//** security validation
		if (getRequestValidation(request, response)==null) {
			return null;
		}
		
		Subject currentUser = SecurityUtils.getSubject();
		Session session = currentUser.getSession();
		TblSUser tbMUser = (TblSUser) session.getAttribute(Globals.USER_KEY);

		ModelAndView view = new ModelAndView("changepswd.form");
		CommandChangePswd commandChangePswd = new CommandChangePswd();
		commandChangePswd.setId(tbMUser.getId());

		view.addObject(commandChangePswd);

		return view;
	}
	
	@RequestMapping(value = "/changePasd.save", method = RequestMethod.POST)
	public String save(
			HttpServletRequest request,
			HttpServletResponse response,
			@ModelAttribute("commandChangePswd") CommandChangePswd commandChangePswd,
			BindingResult result, Model model) {
		LOGGER.debug(">>>ChangePasswordController.save");

		//** security validation
		if (getRequestValidation(request, response)==null) {
			return null;
		}

		validator.validate(commandChangePswd, result);

		if (!hasFieldErrors(request, response, result)) {
			try {
				Subject currentUser = SecurityUtils.getSubject();
				Session session = currentUser.getSession();

				TblSUser user = (TblSUser) session.getAttribute(Globals.USER_KEY);
				
				if (!user.getPassword().equals(commandChangePswd.getCurPassword())) {
					sendError(response, getMessage(request, "error.wrongOldPassword"));
					return null;
				}
				
				user = new TblSUser();
				user.setId(commandChangePswd.getId());
				user.setPassword(changePasswordService.convertMD5(commandChangePswd.getPassword()));
				user.setChangedby((String) (session.getAttribute(Globals.CURRENT_USER_NAME)));
				user.setChangeddate(new Date());
				commandChangePswd.setUser(user);
				changePasswordService.save(commandChangePswd);
				return "redirect:homeview";
			} catch (Exception e) {
				LOGGER.error("ERROR :: "+e.getMessage());
				sendError(response, getMessage(request,"error.changePassword"));
				return null;
			}
		}
		return null;
	}
}
